Python Code Quality: Best Practices and Tools

Low-Quality Code

Low-quality code typically has only the minimal required characteristics to be functional. It may not be elegant, efficient, or easy to maintain, but at the very least, it meets the following basic criteria:

• It does what it’s supposed to do. If the code doesn’t meet its requirements, then it isn’t quality code. You build software to perform a task. If it fails to do so, then it can’t be considered quality code.
• It doesn’t contain critical errors. If the code has issues and errors or causes you problems, then you probably wouldn’t call it quality code. If it’s too low-quality and becomes unusable, then if falls below even basic quality standards and you may stop using it altogether.

While simplistic, these two characteristics are generally accepted as the baseline of functional but low-quality code. Low-quality code may work, but it often lacks readability, maintainability, and efficiency, making it difficult to scale or improve.

High-Quality Code

Now, here’s an extended list of the key characteristics that define high-quality code:

• Functionality: Works as expected and fulfills its intended purpose.
• Readability: Is easy for humans to understand.
• Documentation: Clearly explains its purpose and usage.
• Standards Compliance: Adheres to conventions and guidelines, such as PEP 8.
• Reusability: Can be used in different contexts without modification.
• Maintainability: Allows for modifications and extensions without introducing bugs.
• Robustness: Handles errors and unexpected inputs effectively.
• Testability: Can be easily verified for correctness.
• Efficiency: Optimizes time and resource usage.
• Scalability: Handles increased data loads or complexity without degradation.
• Security: Protects against vulnerabilities and malicious inputs.

In short, high-quality code is functional, readable, maintainable, and robust. It follows best practices, including clear naming, consistent coding style, modular design, proper error handling, and adherence to coding standards. It’s also well-documented and easy to test and scale. Finally, high-quality code is efficient and secure, ensuring reliability and safe use.

All the characteristics above allow developers to understand, modify, and extend a Python codebase with minimal effort.

The Importance of Code Quality

To understand why code quality matters, you’ll revisit the characteristics of high-quality code from the previous section and examine their impact:

• Functional code: Ensures correct behavior and expected outcomes.
• Readable code: Makes understanding and maintaining code easier.
• Documented code: Clarifies the correct and recommended way for others to use it.
• Compliant code: Promotes consistency and allows collaboration.
• Reusable code: Saves time by allowing code reuse.
• Maintainable code: Supports updates, improvements, and extensions with ease.
• Robust code: Minimizes crashes and produces fewer edge-case issues.
• Testable code: Simplifies verification of correctness through code testing.
• Efficient code: Runs faster and conserves system resources.
• Scalable code: Supports growing projects and increasing data loads.
• Secure code: Provides safeguards against system loopholes and compromised inputs.

The quality of your code matters because it produces code that’s easier to understand, modify, and extend over time. It leads to faster debugging, smoother feature development, reduced costs, and better user satisfaction while ensuring security and scalability.

Functionality

The most important factor when evaluating the quality of a piece of code is whether it can do what it’s supposed to do. If this factor isn’t achieved, then there’s no room for discussion about the code’s quality.

Consider the following quick example of a function that adds two numbers. You’ll start with a low-quality implementation of the function.

🔴 Low-quality code:

>>> def add_numbers(a, b):
...     return a + b
...

>>> add_numbers(2, 3)
5

Your add_numbers() function seems to work well. However, if you dig deeper into the implementation, you’ll note that if you mix some argument types, then the function will crash:

>>> add_numbers(2, "3")
Traceback (most recent call last):
    ...
TypeError: unsupported operand type(s) for +: 'int' and 'str'

In this call to add_numbers(), you pass an integer and a string. The function tries to add them, but Python comes up with an error because it’s impossible to add numbers and strings. Now, it’s time for a higher-quality implementation.

✅ Higher-quality code:

>>> def add_numbers(a: int | float, b: int | float) -> float:
...     a, b = float(a), float(b)
...     return a + b
...

>>> add_numbers(2, 3)
5.0

>>> add_numbers(2, "3")
5.0

When looking at this new implementation, you’ll quickly realize by inspecting the type annotations that the function should now be called with numeric values of type int or float. When you call it with numbers, it works as expected.

Now, what if you violate the argument types? The highlighted line converts the input arguments into float numbers. This way, the function will be more resilient and accept numeric values as strings even if this isn’t the expected input type.

Of course, this implementation isn’t perfect, but functionality-wise, it’s better than the first one. Don’t you think?

Readability

Code readability is one of the core principles behind Python. From the beginning, Python’s creator, Guido van Rossum, emphasized its importance, and it remains a priority for the core developers and community today. It’s even embedded in the Zen of Python:

Readability counts. (Source)

The following example shows why readability is important. Again, you’ll first have a low-quality version and then a higher-quality one.

🔴 Low-quality code:

>>> def ca(w, h):
...     return w * h
...

>>> ca(12, 20)
240

This function works. It takes two numbers and multiplies them, returning the result. But can you tell what this function is for? Consider the improved version below.

✅ Higher-quality code:

>>> def calculate_rectangle_area(width: float, height: float) -> float:
...     return width * height
...

>>> calculate_rectangle_area(12, 20)
240

Now, when you read the function’s name, you immediately know what the function is about because the argument names provide additional context.

Documentation

Documenting code is a task that gets little love among software developers. However, clear and well-structured documentation is essential for evaluating the quality of any software project. Below is an example of how documentation can contribute to code quality.

🔴 Low-quality code:

>>> def multiply(a, b):
...     return a * b
...

>>> multiply(2, 3)
6

This function provides no explanation of parameters or return values. If you dig into the code, then you can tell what the function does, but it would be nice to have some more context. That’s where documentation comes in. The improved version below uses docstrings and type hints as ways to document the code.

✅ Higher-quality code:

>>> def multiply(a: float, b: float) -> float:
...     """Multiply two numbers.
...     Args:
...         a (float): First number.
...         b (float): Second number.
...     Returns:
...         float: Product of a and b.
...     """
...     return a * b
...

>>> multiply(2, 3)
6

In the function’s docstring, you provide context that lets others know what the function does and what type of input it should take. You also specify its return value and corresponding data type.

Compliance

Meeting the requirements of well-known and widely accepted code standards is another key factor that influences the quality of a piece of code. The relevant standards will vary depending on the project at hand. A good generic example is writing Python code that follows the standards and conventions established in PEP 8, the official style guide for Python code. Here’s an example of low-quality code that doesn’t follow PEP 8 guidelines.

🔴 Low-quality code:

>>> def calcTotal(price,taxRate=0.05): return price*(1+taxRate)
...

>>> calcTotal(1.99)
2.0895

This function doesn’t follow the naming conventions and spacing norms established in PEP 8. The code might work, but it doesn’t look like quality Python code. It isn’t Pythonic. Now for the improved version.

✅ Higher-quality code:

>>> def calculate_price_with_taxes(
...     base_price: float, tax_rate: float = 0.05
... ) -> float:
...     return base_price * (1 + tax_rate)
...

>>> calculate_total_price(1.99)
2.0895

Here, the function sticks to the recommended convention of using snake case for function and variable names. It also uses proper spacing between symbols and a consistent line length policy.

Reusability

Reusability is also a fundamental characteristic of high-quality code. Reusable code reduces repetition, which improves maintainability and has a strong impact on productivity. Consider the following toy example that illustrates this quality factor.

🔴 Low-quality code:

>>> def greet_alice():
...     return "Hello, Alice!"
...

>>> greet_alice()
'Hello, Alice!'

This function hardcodes its use case. It only works when you want to greet Alice, which is pretty restrictive. Check out the enhanced version below.

✅ Higher-quality code:

>>> def greet(name: str) -> str:
...     return f"Hello, {name}!"
...

>>> greet("Alice")
'Hello, Alice!'
>>> greet("John")
'Hello, John!'
>>> greet("Jane")
'Hello, Jane!'

Although quite basic, this function is more generic and useful than the previous version. It takes a person’s name as an argument and builds a greeting message using an f-string. Now, you can greet all your friends!

Maintainability

Maintainability is all about writing code that you or other people can quickly understand, update, extend, and fix. Avoiding repetitive code and code with multiple responsibilities are key principles to achieving this quality characteristic. Take a look at the example below.

🔴 Low-quality code:

>>> def process(numbers):
...     cleaned = [number for number in numbers if number >= 0]
...     return sum(cleaned)
...

>>> print(process([1, 2, 3, -1, -2, -3]))
6

Even though this function is pretty short, it has multiple responsibilities. First, it cleans the input data by filtering out negative numbers. Then, it calculates the total and returns it to the caller. Now, take a look at the improved version below.

✅ Higher-quality code:

>>> def clean_data(numbers: list[int]) -> list[int]:
...     return [number for number in numbers if number >= 0]
...

>>> def calculate_total(numbers: list[int]) -> int:
...     return sum(numbers)
...

>>> cleaned = clean_data([1, 2, 3, -1, -2, -3])
>>> print(calculate_total(cleaned))
6

This time, you have a function that cleans the data and a second function that calculates the total. Each function has a single responsibility, so they’re more maintainable and easier to understand.

Robustness

Writing robust code is also fundamental in Python or any other language. Robust code is capable of handling errors gracefully, preventing crashes and unexpected behaviors and results. Check out the example below, where you code a function that divides two numbers.

🔴 Low-quality code:

>>> def divide_numbers(a, b):
...     return a / b
...

>>> divide_numbers(4, 2)
2.0
>>> divide_numbers(4, 0)
Traceback (most recent call last):
    ...
ZeroDivisionError: division by zero

This function divides two numbers, as expected. However, when the divisor is 0, the code breaks with a ZeroDivisionError exception. To fix the issue, you need to properly handle the exception.

✅ Higher-quality code:

>>> def divide_numbers(a: float, b: float) -> float | None:
...     try:
...         return a / b
...     except ZeroDivisionError:
...         print("Error: can't divide by zero")
...

>>> divide_numbers(4, 2)
2.0
>>> divide_numbers(4, 0)
Error: can't divide by zero

Now, your function handles the exception, preventing a code crash. Instead, you print an informative error message to the user.

Testability

You can say that a piece of code is testable when it allows you to quickly write and run automated tests that check the code’s correctness. Consider the toy example below.

🔴 Low-quality code:

def greet(name):
    print(f"Hello, {name}!")

This function is hard to test because it uses the built-in print() function instead of returning a concrete result. The code operates through a side effect, making it more challenging to test. For example, here’s a test that takes advantage of pytest:

import pytest

def test_greet(capsys):
    greet("Alice")
    captured = capsys.readouterr()
    assert captured.out.strip() == "Hello, Alice!"

This test case works. However, it’s hard to write because it demands a relatively advanced knowledge of the pytest library.

You can replace the call to print() with a return statement to improve the testability of greet() and simplify the test.

✅ Higher-quality code:

def greet(name: str) -> str:
    return f"Hello, {name}!"

def test_greet():
    assert greet("Alice") == "Hello, Alice!"

Now, the function returns the greeting message. This makes the test case quicker to write and requires less knowledge of pytest. It’s also more efficient and quick to run, so this version of greet() is more testable.

Efficiency

Efficiency is another essential factor to take into account when you have to evaluate the quality of a piece of code. In general, you can think of efficiency in terms of execution speed and memory consumption.

Depending on your project, you may find other features that could be considered for evaluating efficiency, including disk usage, network latency, energy consumption, and many others.

Consider the following code that computes the Fibonacci sequence of a series of numbers using a recursive algorithm.

🔴 Low-quality code:

from time import perf_counter

def fibonacci_of(n):
    if n in {0, 1}:
        return n
    return fibonacci_of(n - 1) + fibonacci_of(n - 2)

start = perf_counter()
[fibonacci_of(n) for n in range(35)]  # Generate 35 Fibonacci numbers
end = perf_counter()

print(f"Execution time: {end - start:.2f} seconds")

Go ahead and run this script from your command line:

$ python efficiency_v1.py
Execution time: 1.83 seconds

The execution time is almost two seconds. Now consider the improved implementation below.

✅ Higher-quality code:

from time import perf_counter

cache = {0: 0, 1: 1}

def fibonacci_of(n):
    if n in cache:
        return cache[n]
    cache[n] = fibonacci_of(n - 1) + fibonacci_of(n - 2)
    return cache[n]

start = perf_counter()
[fibonacci_of(n) for n in range(35)]  # Generate 35 Fibonacci numbers
end = perf_counter()

print(f"Execution time: {end - start:.2f} seconds")

This implementation optimizes the Fibonacci computation using caching. Now, run this improved code from the command line again:

$ python efficiency_v1.py
Execution time: 0.01 seconds

Wow! This code is quite a bit faster than its previous version. You’ve improved the code’s efficiency by boosting performance.

Scalability

The scalability of a piece of code refers to its ability to handle increasing workload, data size, or user demands without compromising the code’s performance, stability, or maintainability. It’s a relatively complex concept, so to illustrate it, here’s a quick example of code that deals with increasing data size.

🔴 Low-quality code:

>>> def sum_even_numbers(numbers):
...     even_numbers = [number for number in numbers if number % 2 == 0]
...     return sum(even_numbers)
...

>>> sum_even_numbers([1, 2, 3, 4, 5, 6, 7, 8, 9, 10])
30

This function filters the odd numbers out of the input list, creating a new list with all the values in memory. This can become an issue when the size of the input list grows considerably. To make the code scale well when the input data grows, you can replace the list comprehension with a generator expression.

✅ Higher-quality code:

>>> def sum_even_numbers(numbers):
...     return sum(number for number in numbers if number % 2 == 0)
...

>>> sum_even_numbers([1, 2, 3, 4, 5, 6, 7, 8, 9, 10])
30

The generator expression that you use as the argument to sum() ensures that only one value is stored in memory while calculating the total.

Security

Secure code prevents security vulnerabilities, protects sensitive data, and defends against potential attacks or malicious inputs. Following best practices ensures that systems stay safe, reliable, and resilient against common security threats.

A good example of risky code is when you accept a user’s input without validating it, and use this input for further processing.

🔴 Low-quality code:

user_input = "Amount to withdraw? "
amount = int(input(user_input))
available_balance = 1000
print(f"Here are your {amount:.2f}USD")
print(f"Your available balance is {available_balance - amount:.2f}USD")

This code uses the built-in input() function to grab the user input. The user should provide the amount of money to withdraw:

$ python input_v1.py
Amount to withdrawn? 300
Here are your 300.00USD
Your available balance is 700.00USD

The script takes the input data, simulates a cash withdrawal, and computes the final balance. Now, say that you enter the following:

$ python input_v1.py
Amount to withdrawn? 2000
Here are your 2000.00USD
Your available balance is -1000.00USD

In this case, the code has an error because the input value is greater than the available amount, and there’s no validation in place. As a result, the code gives out more money than it should. While this may seem like something that wouldn’t happen in the real world, it’s a simple example of a security flaw.

✅ Higher-quality code:

user_input = "Amount to withdraw? "
amount = int(input(user_input))
available_balance = 1000
if amount > available_balance:
    print("Insufficient funds")
    amount = 0
else:
    print(f"Here are your {amount:.2f}USD")

print(f"Your available balance is {available_balance - amount:.2f}USD")

In this updated version of the code, you ensure that the user has provided a valid amount by using a conditional statement to check the available balance.

Style Guides

A coding style guide defines guidelines for a consistent way to write code. Typically, these guidelines are primarily cosmetic, meaning they don’t change the logical outcome of the code, although some stylistic choices do prevent common logical mistakes. Following a style guide consistently facilitates making code readable, maintainable, and scalable.

For most Python code, you have PEP 8, the official and recommended coding style guide. It contains coding conventions for Python code and is widely used by the Python community. It’s a great place to start since it’s already well-defined and polished. To learn more about PEP 8, check out the How to Write Beautiful Python Code With PEP 8 tutorial.

You’ll also find that companies dedicated to developing software with Python may have their own internal style guide. That’s the case with Google, which has a well-crafted coding style guide for their Python developers.

Other than that, some Python projects have established their own style guides with guidelines specific to contributors. A good example is the Django project, which has a dedicated coding style guide.

Code Reviews

A code review is a process where developers examine and evaluate each other’s code to ensure it meets quality standards before merging it into the main or production codebase. The process may be carried out by experienced developers who review the code of other team members.

A code reviewer may have some of the following responsibilities:

• Verifying the code works as expected
• Ensuring the code is clear, with meaningful variable names and proper comments
• Catching repetitive code, encouraging modular design, and promoting reusable functions
• Identifying logic errors, edge cases, and incorrect assumptions
• Ensuring the code properly handles errors, edge cases, and exceptional situations
• Confirming the code adheres to style guidelines
• Detecting vulnerabilities like lack of input validation or unsafe usage of functions and objects
• Spotting inefficient algorithms or resource-intensive operations
• Ensuring the code has tests and satisfactory test coverage

As you can conclude, a good code review involves checking for code correctness, readability, maintainability, security, and many other quality factors.

To conduct a code review, a reviewer typically uses a specialized platform like GitHub, which allows them to provide relevant feedback in the form of comments, code change suggestions, and more.

Code reviews are vital for producing high-quality Python code. They improve the code being reviewed and help developers grow, learn, and collectively promote coding standards and best practices across the team.

AI Assistants

Artificial intelligence (AI) and large language models (LLMs) are getting a lot of attention these days. These tools have a growing potential as assistants that can help you write, review, improve, extend, document, test, and maintain your Python code.

AI assistants enhance code quality by offering you help throughout the software development process. With the help of an AI assistant, you can do some of the following:

• Generate code snippets based on descriptions
• Get context-aware code completion
• Check for typos and syntax errors
• Analyze code for readability
• Ensure the code follows the code style guide
• Make the code maintainable by applying best practices
• Identify potential bugs and logic errors
• Understand error messages and get quick fixes
• Simplify complex code
• Reduce or remove repetition
• Use Pythonic approaches and practices
• Generate docstrings, comments, README files, and documentation
• Write unit tests for your code and ensure good test coverage
• Detect common security vulnerabilities and issues
• Identify inefficient algorithms and write faster alternatives

AI assistants and LLMs can also act as interactive mentors for junior developers. To explore how to use AI tools to improve the quality of your code, you can check out the following resources:

• Prompt Engineering: A Practical Example
• ChatGPT: Your Personal Python Coding Mentor
• Real Python Code Mentor
• Episode 174: Considering ChatGPT’s Technical Review of a Programming Book
• Episode 236: Simon Willison: Using LLMs for Python Development

You can make it your goal to use AI to improve both your code quality and general development workflow. Remember that while AI may not replace you, those who learn to use it effectively will have an advantage.

Documentation Tools

To document your Python code, you can take advantage of several available tools. Before taking a look at some of them, it’s important to mention PEP 257, which describes conventions for Python’s docstrings.

A docstring is typically a triple-quoted string that you write at the beginning of modules, functions, and classes. Their purpose is to provide the most basic layer of code documentation. Modern code editors and integrated development environments (IDE) take advantage of docstrings to display context help when you’re working on your code.

As a bonus, there are a few handy tools to generate documentation directly from the code by reading the docstrings. To learn about a couple of these tools, check out the following resources:

• Build Your Python Project Documentation With MkDocs
• Documenting Python Projects With Sphinx and Read the Docs

Probably the most common piece of documentation that you’d write for a Python project is a README file. It’s a document that you typically add to the root directory of a software project, and is often a short guide that provides essential information about the project. To dive deeper into best practices and tools for writing a README, check out the Creating Great README Files for Your Python Projects tutorial.

You can also take advantage of AI, LLMs, and chatbots to help you generate detailed and high-quality documentation for your Python code. To experiment with this possibility, check out the Document Your Python Code and Projects With ChatGPT tutorial.

Code Linters

The Python community has built a few tools, known as linters, that you can set up and use to check different aspects of your code. Linters analyze code for potential errors, code smells, and adherence to coding style guides like PEP 8. They check for:

• Syntax errors: Detect basic syntax issues, such as missing colons and commas, invalid variable usage, and similar.
• Coding style violations: Check for correct indentation, spacing, and naming conventions.
• Unused imports, variables, and names: Flag unnecessary code that can be removed.
• Code complexity: Warn about overly complex functions and excessively long methods or classes.
• Potential bugs: Detect issues like shadowed variables and names, unreachable or dead code, and incorrect method and function signatures.
• Error handling issues: Identify overly broad exceptions and empty except blocks.
• Undocumented code: Check for missing docstrings in modules, classes, functions, and so on.
• Best practices: Advise against poor coding practices, such as mutable default argument values.
• Security vulnerabilities: Warn against insecure coding practices, such as hardcoded passwords, exposed API tokens, and the use of eval() and exec().
• Code duplication: Alert when similar code blocks appear multiple times.

Here are some modern Python linters with brief descriptions:

To run these linters against your code, you use different commands depending on the tool of choice. Fortunately, most of these tools can be nicely integrated into the majority of Python code editors and IDEs, such as Visual Studio Code and PyCharm.

These editors and IDEs have the ability to run linters in the background as you type or save your code. They typically highlight, underline, or otherwise identify problems in the code before you run it. Think of this feature as an advanced spell-check for code.

Static Type Checkers

Static type checkers are another category of code checker tools. Unlike linters, which cover a wide range of issues and possible issues, static type checkers focus on validating type annotations or type hints. They catch possible type-related bugs without running the code.

Some aspects of your code that you can check with static type checkers include the following:

• Incorrect type usage in variables and function calls: Detect variables used with an incompatible type or function called with arguments of wrong types.
• Missing or incorrect annotations: Warn if a piece of code lacks proper type hints.
• Type inference errors: Identify places where inferred types don’t match expectations.
• Issues with None: Catch potential NoneType attribute errors.
• Type compatibility in collections: Ensure lists, tuples, dictionaries, and other collections contain the correct data types.
• Protocol and interface compliance: Verify that classes correctly implement protocols and interfaces.

Here are a couple of modern static type checkers for Python code:

Again, you can install and run these tools against your code from the command line. However, modern code editors and IDEs often have them built-in or available as extensions. Once you have the type checker integrated, your editor will show you visual signals that point to issues flagged by the checker.

Code Formatters

A code formatter is a tool that automatically parses your code and formats it to be consistent with the accepted coding style. Usually, the standard path is to use PEP 8 as the style reference. Running a code formatter against your code produces style-related changes, including the following:

• Consistent indentation: Converts all indentation to a standard indentation of four spaces.
• Line length: Wraps lines exceeding length limits.
• Spacing and padding: Adds or removes spaces for readability, such as around operators and after commas.
• String quotes consistency: Converts all strings to a single quote or double quote style.
• Import sorting: Ensures imports are alphabetically ordered and grouped logically.
• Consistent use of blank lines: Ensures blank lines between functions and classes.

Here are some code formatting tools:

You can install and run these code formatters against your code from the command line. Again, you’ll find these tools integrated into code editors and IDEs, or you’ll have extensions to incorporate them into your workflow.

Typically, these tools will apply the formatting when you save the changes, but they also have options to format the code on paste, type, and so on.

If you work on a team of developers, then you can configure everyone’s environment to use the same code formatter with the same defaults and rely on the automated formatting. This frees you from having to flag formatting issues in your code reviews.

Code Testing

Writing and consistently running tests against your code help ensure correctness, reliability, and maintainability. Well-structured tests can significantly improve code quality by catching bugs early, enforcing best practices, and making code easier to refactor without breaking its functionality.

Tests can improve the quality of your code in some of the following ways:

• Ensuring the code works as expected: Running tests confirms that a function, class, or module behaves correctly under different conditions.
• Catching bugs early: Tests help identify logic errors, unexpected behavior, and edge cases.
• Facilitating code refactoring: Having tests in place allows safe refactoring, letting you verify that changes don’t break existing functionality.
• Improving readability and design: Writing tests forces you to think about the names of objects and the modularity of your code, leading to readable, reusable, and better-organized code.
• Preventing regression issues: Regression tests catch unintended side effects when modifying existing code.
• Increase confidence in deployments: Automating tests ensures that every release is stable, functional, and meets requirements.

In Python, you have several tools to help you write and automate tests. You can use doctest and unittest from the standard library, or you can use the pytest third-party library. To learn about these tools and how to test your code with them, check out the following resources:

• Getting Started With Testing in Python
• Python’s doctest: Document and Test Your Code at Once
• Python’s unittest: Writing Unit Tests for Your Code
• Effective Python Testing With pytest

As a bonus, you can also use an AI assistant to help you write tests for your Python code. These tools will dramatically improve your productivity. Check out the Write Unit Tests for Your Python Code With ChatGPT tutorial for a quick look at the topic.

Code Profilers

Code profilers analyze a program’s runtime behavior. They measure performance-related metrics, such as execution speed, memory usage, CPU usage, and function call frequencies. A code profiler flags the parts of your code that consume the most resources, allowing you to make changes to optimize the code’s efficiency.

Running code profiling tools on your code allows you to:

• Identify performance bottlenecks like slow functions or loops that impact execution time.
• Detect intensive CPU usage or high memory consumption, letting you optimize resource usage
• Spot inefficient algorithms, allowing you to replace inefficient code with optimized solutions.
• Detect high latency, letting you speed up operations like database queries, API calls, or computations.
• Find scalability issues related to handling larger datasets or higher loads.
• Make good refactoring decisions based on detailed data and statistics.

Common Python profiling tools include the following:

You can install and run these tools against your code to find opportunities to improve the code efficiency. Ultimately, the choice of a profiler depends on your specific use case. You can use cProfile and timeit from the Python standard library for quick checks that don’t require installing third-party libraries.

If you’re using Linux, you can try perf, a powerful performance profiling tool now supported in Python 3.12. To learn more about perf, check out the Python 3.12 Preview: Support For the Linux perf Profiler tutorial.

Finally, py-spy and Scalene are third-party libraries that you can consider using when you want to profile your code using a Python package that you can install from the Python Package Index (PyPI).

Vulnerability Checkers

It’s possible to inadvertently leak sensitive data, such as user credentials and API keys, through your code or expose your code to other security vulnerabilities like SQL injection attacks. To reduce the risk of such security incidents, you should perform security or vulnerability scanning on your Python code.

Bandit is a security-focused linter that scans for common vulnerabilities and insecure coding patterns in Python code. Some of these patterns include the use of:

• Unsanitized user inputs
• The exec(), eval(), and pickle.load() functions
• The assert statement
• Hardcoded API keys or passwords
• Insecure file operations
• Shell commands
• Unencrypted HTTP requests instead of HTTPS
• Broad exceptions
• Hardcoded SQL queries

These are just a sample of the tests that Bandit can run against your code. You can even use it to write your own tests and then run them on your Python projects. Once you have a list of detected issues, you can take action and fix them to make the code more secure.